# Nomad 服务器节点安全配置模板
datacenter = "dc1"
data_dir = "/opt/nomad/data"
plugin_dir = "/opt/nomad/plugins"
log_level = "INFO"
name = "ash2e"

# 安全绑定 - 只绑定到 Tailscale 接口
bind_addr = "ash2e.tailnet-68f9.ts.net"

addresses {
  http = "ash2e.tailnet-68f9.ts.net"
  rpc  = "ash2e.tailnet-68f9.ts.net"
  serf = "ash2e.tailnet-68f9.ts.net"
}

advertise {
  http = "ash2e.tailnet-68f9.ts.net:4646"
  rpc  = "ash2e.tailnet-68f9.ts.net:4647"
  serf = "ash2e.tailnet-68f9.ts.net:4648"
}

ports {
  http = 4646
  rpc  = 4647
  serf = 4648
}

server {
  enabled = true
  
  # 七仙女服务器发现配置
  server_join {
    retry_join = [
      "semaphore.tailnet-68f9.ts.net:4647",
      "ash1d.tailnet-68f9.ts.net:4647", 
      "ash2e.tailnet-68f9.ts.net:4647",
      "ch2.tailnet-68f9.ts.net:4647",
      "ch3.tailnet-68f9.ts.net:4647",
      "onecloud1.tailnet-68f9.ts.net:4647",
      "de.tailnet-68f9.ts.net:4647"
    ]
  }
}

# 安全的 Consul 配置 - 指向本地客户端
consul {
  address = "127.0.0.1:8500"
  server_service_name = "nomad"
  client_service_name = "nomad-client"
  auto_advertise = true
  server_auto_join = true
  client_auto_join = true
}

# 安全的 Vault 配置 - 指向本地代理
vault {
  enabled = false  # 暂时禁用，等 Vault 集群部署完成
}

# 遥测配置
telemetry {
  collection_interval = "1s"
  disable_hostname = false
  prometheus_metrics = true
  publish_allocation_metrics = true
  publish_node_metrics = true
}